| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Handle cifs.idmap type of key. Extract a SID string from the description
and map it to either an uid or gid using winbind APIs.
If that fails (e.g. because winbind is not installed/running or winbind
returns an error), kernel assigns uid and gid (from mount superblock).
Enable including winbind header files and idmapping code conditional
to winbind devel rpms (header and library).
An entry such as this
create cifs.idmap * * /usr/sbin/cifs.idmap %k
is needed in the file /etc/request-key.conf.
[Note: Modified to not build new tool by default, and to fix up some
whitespace munging]
Modified-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
...it's rather confusing since we can compile against libcap or libcap-ng
but this is helpful for testing.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Might as well be as safe as possible. Have child drop all capabilities,
and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and
CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might
even eventually consider being clever and dropping CAP_DAC_OVERRIDE when
root has access to the mtab.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
